[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#907493: [SECURITY] [DSA 4288-1] ghostscript security update

Dear security team,

On 09/07/18 23:23, Moritz Muehlenhoff wrote:
> Package        : ghostscript
> CVE ID         : CVE-2018-15908 CVE-2018-15910 CVE-2018-15911
>                  CVE-2018-16511 CVE-2018-16513 CVE-2018-16539
> 		 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542
> 		 CVE-2018-16543 CVE-2018-16585

The latest upload of ghostscript to unstable, which as far as I know
only tried to fix some of these CVE's, caused the autopkgtest of
multiple packages to start timing out (bug 907493). Were you aware of
that and have you done any testing to verify that this isn't an issue
for the stable upload?

If so, that would be an interesting data point for the bug. If not, you
may be facing the same regression in stretch. I have the wild hunch that
this is related to the openssl upstream bump in unstable, but nobody has
verified that yet. If stretch is no not seeing this regression that
would mean there may also be a path to fix testing/buster until we
figure out what needs fixing in ghostscript.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: